Security Affairs

MAY 30, 2022

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’ accounts through phone calls. Follow me on Twitter: @securityaffairs and Facebook.

Scams 140

Scams Accountability Mobile Hacking 140

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 88

Accountability Phishing Authentication Architecture 88

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. 23 unique IPs so far.

VPN 126

VPN IoT Cybersecurity Engineering 126

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Japan have already deployed to streamline sign-in for their users. ” continues the post.

Accountability 92

Accountability Passwords Password Management Phishing 92

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. ” reads trhe announcement published by DKWOC. “Activities using CVE-2023-23397 were first discovered by CERT-UA[2] and publicly described by Microsoft[3].

Accountability 105

Accountability Government Phishing Authentication 105

Security Affairs

JUNE 15, 2022

PrivacyAffairs released the Dark Web Index 2022, the document provides the prices for illegal services/products available in the black marketplaces. The document updates the information provided in the Dark Web Index 2022 report. The document updates the information provided in the Dark Web Index 2022 report.

Identity Theft 93

Identity Theft Accountability DDOS Cybercrime 93

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. ” reads the analysis published by Palo Alto Networks.

Accountability 88

Accountability Cryptocurrency Malware Phishing 88

Security Affairs

MARCH 28, 2022

While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). " The Central Bank of Russian Federation leak (28 GB) has been published by Anonymous #Ukraine #OPRussia pic.twitter.com/BJJBMpZESZ — The Black Rabbit World (@Thblckrbbtworld) March 25, 2022. ."

Accountability 97

Accountability Hacking Banking Government 97

Security Affairs

APRIL 11, 2023

A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets.

Accountability 91

Accountability Education Media Authentication 91

Security Affairs

JULY 4, 2022

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. “Microsoft notified CISA of this issue, which is related to how the mapping of certificates to machine accounts is being handled by the domain controller.” Pierluigi Paganini.

Authentication 91

Authentication Risk Hacking Accountability 91

Security Affairs

JULY 22, 2022

Starting with Windows 11 Microsoft introduce by default an account lockout policy that can block brute force attacks. Starting with Windows 11 Insider Preview build 22528.1000 the OS supports an account lockout policy enabled by default to block brute force attacks. Follow me on Twitter: @securityaffairs and Facebook.

Accountability 92

Accountability Passwords Ransomware Hacking 92

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported. LNK) files.

Accountability 89

Accountability Phishing Financial Services Surveillance 89

Security Affairs

FEBRUARY 26, 2023

In February 2022, the American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat actor that took place in January 2022. Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020.

Identity Theft 87

Identity Theft Data breaches Insurance Hacking 87

Security Affairs

MARCH 2, 2023

At the end of 2022, a security researcher discovered the stolen data on an unsecured server belonging to a group of hackers. The popular data breach notification service HaveIBeenPwned reported that the hack took place in December and impacted 565k user accounts, it also added that 83% of the records were already in HIBP database.

Accountability 81

Accountability Hacking Data breaches Passwords 81

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Hackers are breaking into the AT&T email accounts and then using the access they are logging into the victim’s cryptocurrency exchange accounts to drain their crypto funds, TechCrunch reported.

Cryptocurrency 77

Cryptocurrency Accountability Passwords Hacking 77

Security Affairs

AUGUST 5, 2022

million accounts was caused by the exploitation of a zero-day flaw. million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. Twitter confirmed that the recent data breach that exposed data of 5.4 At the end of July, a threat actor leaked data of 5.4

Accountability 104

Accountability Data breaches Authentication Media 104

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability 102

Accountability Phishing Passwords Hacking 102

Security Affairs

JANUARY 20, 2022

Crypto.com confirmed that a cyber attack compromised around 400 of its customer accounts leading in the theft of $33 million. Recently, several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts being protected with 2FA. ErgoBTC) January 18, 2022.

Accountability 86

Accountability Hacking Cryptocurrency Cyber Attacks 86

Security Affairs

MARCH 11, 2023

A new version of the Prometei botnet has infected more than 10,000 systems worldwide since November 2022, experts warn. Cisco Talos researchers reported that the Prometei botnet has infected more than 10,000 systems worldwide since November 2022. Russia only accounted for 0.31

Firewall 97

Firewall Malware Hacking Accountability 97

Security Affairs

NOVEMBER 23, 2022

Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. Microsoft Patch Tuesday security updates for November 2022 addressed a privilege escalation vulnerability, tracked as CVE-2022-37966 , that impacts Windows Server. “Yes.

Authentication 100

Authentication Encryption Hacking Accountability 100

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. Twilio last week announced that that the threat actors also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service.

Accountability 91

Accountability Authentication Phishing Data breaches 91

Security Affairs

MARCH 6, 2022

A Linux kernel flaw, tracked as CVE-2022-0492 , can allow an attacker to escape a container to execute arbitrary commands on the container host. The vulnerability was discovered by the security researchers Yiqi Sun and Kevin Wang. 4, Linux announced CVE-2022-0492 , a new privilege escalation vulnerability in the kernel.

Hacking 93

Hacking Accountability Information Security 93

Security Affairs

SEPTEMBER 23, 2022

Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. The CVE-2022-24086 has received a CVSS score of 9.8 reads the advisory published by Adobe.

Media 76

Media Hacking Malware Accountability 76

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams 229

Scams Artificial Intelligence Cryptocurrency Accountability 229

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 106

Banking Accountability Mobile Cryptocurrency 106

Security Affairs

FEBRUARY 9, 2022

Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including a zero-day bug. Microsoft February 2022 Patch Tuesday also addressed a publicly disclosed Elevation of Privilege zero-day in Windows Kernel tracked as CVE-2022-21989. both received a CVSS score of 8.8.

DNS 78

DNS Accountability Mobile Hacking 78

Security Boulevard

DECEMBER 8, 2022

AppsMas: 9 Memorable Moments of 2022. Thu, 12/08/2022 - 22:38. Onapsis turned 13 this year and by all accounts, 2022 was a pretty memorable year as we continue our mission of protecting the applications businesses rely on. Cybersecurity and Infrastructure Security Agency (CISA). Happy AppsMas! More AppsMas Blogs.

Small Business 52

Small Business Cybersecurity Technology Education 52

Security Affairs

NOVEMBER 20, 2023

US teenager Joseph Garrison (19) has pleaded guilty to his involvement in a credential stuffing campaign that targeted user accounts at a fantasy sports and betting website.3 3 On or about November 18, 2022, the man launched a credential stuffing attack on the Betting Website and gained access to approximately 60,000 accounts.

Accountability 111

Accountability Hacking Passwords Cybercrime 111

Security Affairs

APRIL 3, 2023

” The issues were reported to Microsoft in January and February 2022, following which the tech giant applied fixes and awarded Wiz a $40,000 bug bounty. . “Those attacks could compromise users’ personal data, including Outlook emails and SharePoint documents.” Below is the disclosure timeline: Jan.

Accountability 79

Accountability Education Media Authentication 79

Security Affairs

JULY 29, 2022

Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. Once installed the Questions for Confluence app (versions 2.7.34, 2.7.35, and 3.0.2), a Confluence user account with the username “ disabledsystemuser ” is created.

Passwords 115

Passwords Accountability Hacking Ransomware 115

Security Affairs

SEPTEMBER 28, 2022

Meta dismantled a network of Facebook and Instagram accounts spreading disinformation across European countries. Meta announced to have taken down a huge Russian network of Facebook and Instagram accounts used to spread disinformation published on more than 60 websites impersonating news organizations across Europe. com 7/7/2022 UK.

Accountability 96

Accountability Advertising Media Internet 96

CyberSecurity Insiders

DECEMBER 6, 2021

The end of the year is a good time to reflect on the past 12 months and create a plan to improve in 2022. After analyzing the responses, below are five recommendations every CEO should know going into 2022. Security is an investment, and there is a correlation between job openings and current salaries.

Cybersecurity 105

Cybersecurity Ransomware Security Awareness Technology 105

Security Affairs

APRIL 23, 2024

. “North Korean hacking organizations sometimes infiltrated defense companies directly, and their security is relatively low. Hacking into vulnerable defense industry partners and stealing the defense industry company’s server account information.

Hacking 82

Hacking Malware Accountability Technology 82

Security Affairs

FEBRUARY 1, 2024

Once hijacked a SIM, the attacker can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. ” reads the press release published by DoJ.

Cryptocurrency 107

Cryptocurrency Computers and Electronics Accountability Scams 107

SecureList

DECEMBER 12, 2023

Every year is abundant with major data leaks, biggest data breaches and hacks drawing massive media attention (such as Medibank and Optus data breach, Twitter data breach, and Uber and Rockstar compromise in 2022 and in T-Mobile , MailChimp and OpenAI in 2023). But are we really conscious of the true scale of the threat?

Data breaches 81

Data breaches Accountability Telecommunications Malware 81

Security Affairs

SEPTEMBER 8, 2023

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF) identified the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023. The vulnerability was addressed by the company on October 27th, 2022.

VPN 125

VPN Firewall Accountability Cybersecurity 125

Security Affairs

OCTOBER 4, 2023

. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.”

Software 119

Software Accountability Authentication Internet 119